﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class admin_Profile : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Utilities.SetLabel(Master, "View Profile");
    }
    protected void btnSave_Click(object sender, EventArgs e)
    {
        if (tbCurrentPass.Text != "" && tbNewPassword.Text != "" && tbRepeatCurrentPass.Text != "")
        {
            using (SqlConnection conn = new SqlConnection(DAO.Connection.CONN_STRING1))
            {
                conn.Open();
                using (SqlCommand cmd1 = new SqlCommand("SELECT * from dbo.Fn_GetUserById(@id)", conn))
                {
                    SqlParameter[] pars = new SqlParameter[1];
                    pars[0] = new SqlParameter("id", Session["admin_id"]);

                    SqlDataReader dr = null;
                    cmd1.Parameters.Add(pars[0]);
                    dr = cmd1.ExecuteReader();
                    if (dr != null && dr.HasRows)
                    {
                        if (dr.Read())
                        {
                            //validate current pass
                            if (dr["password"].ToString() == DAO.CodeFactory.CalcMD5String(tbCurrentPass.Text))
                            {
                                if (tbNewPassword.Text == tbRepeatCurrentPass.Text)
                                {
                                    using (SqlCommand cmd = new SqlCommand("SP_UpdateUserPass", conn))
                                    {
                                        pars = new SqlParameter[2];
                                        pars[0] = new SqlParameter("userid", DAO.GlobalSettings.Decrypt(Request.Cookies["texchange"]["admin_id"]));
                                        pars[1] = new SqlParameter("password", DAO.CodeFactory.CalcMD5String(tbNewPassword.Text));
                                        cmd.CommandType = System.Data.CommandType.StoredProcedure;
                                        cmd.Parameters.Add(pars[0]);
                                        cmd.Parameters.Add(pars[1]);
                                        try
                                        {
                                            cmd.ExecuteNonQuery();
                                            Session["message"] = "Update was succesfull";
                                            Session["message_type_css"] = "par_message_ok";
                                        }
                                        catch (Exception ex)
                                        {
                                            Session["message"] = "There was an error updateing the user. Reason " + ex.ToString();
                                            Session["message_type_css"] = "par_message_error";
                                        }
                                    }
                                }
                                else
                                {
                                    Session["message"] = "New password and current password must be equal";
                                    Session["message_type_css"] = "par_message_error";
                                }
                            }
                            else
                            {
                                Session["message"] = "Invalid password";
                                Session["message_type_css"] = "par_message_error";
                            }
                        }
                        else
                        {
                            Session["message"] = "Please fill all the fields in the form";
                            Session["message_type_css"] = "par_message_error";

                        }
                    }
                    if (dr != null && !dr.IsClosed) dr.Close();
                    Response.Redirect(Request.Url.ToString());
                }
            }
        }
    }
}
